Skip to content

undo-ransomware/ransomware_detection

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

WARNING: The app was removed and replaced by a dummy app in the app store because of an open problem that can lead to the deletion of all files. I recommend disabling or remove the app.

Nextcloud Ransomware Recovery

Build Status Scrutinizer Code Quality codecov

Ransomware detection with a guided user-controlled one-step recovery.

Ransomware Recovery App

This app monitors file operations during the synchronization to detect ransomware attacks. This is done by using generic indicators for a guided user-controlled one-step recovery utilizing the integrated file versioning methods.

Features

  • Ransomware Detection: Monitoring the file operations, analysing and classifying the collected data by using generic indicators allows a reliable detection.
  • 💻Recovery Interface: The color coded results of the classification offer an easy-to-use recovery interface giving the user full control of the recovery process.
  • ☺️Guided Undo: The guided user-controlled one-step recovery allows the user to quick and savely restore all - by ransomware - encrypted files without being affected by any false positives.

Installation

In your Nextcloud, simply navigate to »Apps«, choose the category »Security«, find the Ransomware recovery app and enable it. Then open the Ransomware recovery app from the app menu.

Frequently Asked Questions

  • Can the Ransomware Recovery app used together with the Nextcloud official Ransomware Protection app?
    Yes, it can be used together with the Nextloud official Ransomware Protection app.

  • What's the difference between the Ransomware Recovery app and the Nextcloud official Ransomware Protection app?
    The difference between this apps is pretty simple: The Nextcloud official Ransomware Protection app uses white- and blacklisting of file extensions to protect you against ransomware files, this only works for already known ransomware families. In contrast, the Ransomware Recovery app utilises the ransomware behaviour to mark possible ransomware attacks with an user-controlled recovery to give an easy-to-use mechanism to recover from unknown ransomware families.

Acknowledgements

This project was created for the Undo Ransomware Prototype Fund project.

Sponsored by the Federal Ministry of Education and Research A Prototype Fund Project Prototype Fund is an Open Knowledge Foundation Project